1 hour ago · Tech · hide · 0 comments

Testing is all about return on investment: how do we maintain an acceptable level of trust in the code with the least amount of effort? Fuzz testing verifies that the code does something sensible with a large number of randomly generated inputs. It is usually only used on safety- or security-critical code like cryptography libraries, because it can be a lot of work to both implement and run with sufficient amounts of input. But a light-weight variant can be used to improve the payoff of regular tests. As a bonus, it makes tests easier to read and write. Prerequisites: We already have a test suite, or we’re about to create one. In this article we’ll be adding fuzzing to existing tests to get more out of them, not writing “pure” fuzz tests. We know how to write reliable tests. This technique will not be useful if we’re regularly committing tests which fail even though nothing was wrong with the code under test or succeed when the code under test is wrong. This is a normal part of…

No comments yet. Log in to reply on the Fediverse. Comments will appear here.